Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2020-25718

Published: 18/02/2022 Updated: 17/09/2023
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Samba

Vulnerability Summary

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

samba samba

fedoraproject fedora 35

Vendor Advisories

Debian Security Advisories: DSA-5003-1 samba -- security update
Several vulnerabilities have been discovered in Samba, a SMB/CIFS file, print, and login server for Unix CVE-2016-2124 Stefan Metzmacher reported that SMB1 client connections can be downgraded to plaintext authentication CVE-2020-25717 Andrew Bartlett reported that Samba may map domain users to local users in an undesired way, al ...
Red Hat: CVE-2020-25718
A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller) This would allow an RODC to print administrator tickets ...
Arch Linux Issues:
A security issue has been found in Samba versions 400 to 4151 The Samba AD DC, when joined by an RODC, did not confirm if the RODC was allowed to print a ticket for that user ...
Amazon Linux 2022: ALAS2022-2022-022
A flaw was found in the way samba implemented SMB1 authentication An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required (CVE-2016-2124) A flaw was found in the way Samba maps domain users to local users An authenticated attacker could use this flaw to cause possible pri ...
Amazon Linux 2022: ALAS-2022-224
ALAS-2022-224 Amazon Linux 2022 Security Advisory: ALAS-2022-224 Advisory Release Date: 2022-12-06 16:42 Pacific ...

Mailing Lists

Full Disclosure: Fwd: Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Fwd: Samba 4152, 41410, 41314 Security Releases are available for Download <!--X-Subject-Header-End--> <!--X-Head-of-Mes ...

References

CWE-862https://www.samba.org/samba/security/CVE-2020-25718.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=2019726https://security.gentoo.org/glsa/202309-06https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-5003
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook